<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ActionController::ForceSSL</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" href="../../css/reset.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/main.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/github.css" type="text/css" media="screen" />
<script src="../../js/jquery-1.3.2.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/jquery-effect.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/main.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/highlight.pack.js" type="text/javascript" charset="utf-8"></script>

</head>

<body>     
    <div class="banner">
        
            <span>Ruby on Rails v4.0.0</span><br />
        
        <h1>
            <span class="type">Module</span> 
            ActionController::ForceSSL 
            
        </h1>
        <ul class="files">
            
            <li><a href="../../files/actionpack/lib/action_controller/metal/force_ssl_rb.html">actionpack/lib/action_controller/metal/force_ssl.rb</a></li>
            
        </ul>
    </div>
    <div id="bodyContent">
        <div id="content">
  
    <div class="description">
      
<p>This module provides a method which will redirect browser to use HTTPS
protocol. This will ensure that user’s sensitive information will be
transferred safely over the internet. You <em>should</em> always force
browser to use HTTPS when you’re transferring sensitive information such as
user authentication, account information, or credit card information.</p>

<p>Note that if you are really concerned about your application security, you
might consider using <code>config.force_ssl</code> in your config file
instead. That will ensure all the data transferred via HTTPS protocol and
prevent user from getting session hijacked when accessing the site under
unsecured HTTP protocol.</p>

    </div>
  


  


  
  


  
    <!-- Namespace -->
    <div class="sectiontitle">Namespace</div>
    <ul>
      
        <li>
          <span class="type">MODULE</span>
          <a href="ForceSSL/ClassMethods.html">ActionController::ForceSSL::ClassMethods</a>
        </li>
      
    </ul>
  


  
    <!-- Method ref -->
    <div class="sectiontitle">Methods</div>
    <dl class="methods">
      
        <dt>F</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="ForceSSL.html#method-i-force_ssl_redirect">force_ssl_redirect</a>
              </li>
            
          </ul>
        </dd>
      
    </dl>
  

  
    <!-- Includes -->
    <div class="sectiontitle">Included Modules</div>
    <ul>
      
        <li>
          
            <a href="../AbstractController/Callbacks.html">
              AbstractController::Callbacks
            </a>
          
        </li>
      
    </ul>
  



  

    

    

    
      <!-- Section constants -->
      <div class="sectiontitle">Constants</div>
      <table border='0' cellpadding='5'>
        
          <tr valign='top'>
            <td class="attr-name">ACTION_OPTIONS</td>
            <td>=</td>
            <td class="attr-value">[:only, :except, :if, :unless]</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
          <tr valign='top'>
            <td class="attr-name">URL_OPTIONS</td>
            <td>=</td>
            <td class="attr-value">[:protocol, :host, :domain, :subdomain, :port, :path]</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
          <tr valign='top'>
            <td class="attr-name">REDIRECT_OPTIONS</td>
            <td>=</td>
            <td class="attr-value">[:status, :flash, :alert, :notice]</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
      </table>
    


    


    <!-- Methods -->
        
      <div class="sectiontitle">Instance Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-i-force_ssl_redirect">
            
              <b>force_ssl_redirect</b>(host_or_options = nil)
            
            <a href="ForceSSL.html#method-i-force_ssl_redirect" name="method-i-force_ssl_redirect" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              <p>Redirect the existing request to use the HTTPS protocol.</p>

<h4 id="method-i-force_ssl_redirect-label-Parameters"><a href="Parameters.html">Parameters</a></h4>
<ul><li>
<p><code>host_or_options</code> - Either a host name or any of the url &amp;
redirect options</p>

<pre>available to the &lt;tt&gt;force_ssl&lt;/tt&gt; method.</pre>
</li></ul>
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-force_ssl_redirect_source')" id="l_method-i-force_ssl_redirect_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/ab08519b1aed46dbd4b3e13932bbaddfe42d8315/actionpack/lib/action_controller/metal/force_ssl.rb#L76" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-force_ssl_redirect_source" class="dyn-source">
                <pre><span class="ruby-comment"># File actionpack/lib/action_controller/metal/force_ssl.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">force_ssl_redirect</span>(<span class="ruby-identifier">host_or_options</span> = <span class="ruby-keyword">nil</span>)
  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">request</span>.<span class="ruby-identifier">ssl?</span>
    <span class="ruby-identifier">options</span> = {
      <span class="ruby-value">:protocol</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">'https://'</span>,
      <span class="ruby-value">:host</span>     =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">request</span>.<span class="ruby-identifier">host</span>,
      <span class="ruby-value">:path</span>     =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">request</span>.<span class="ruby-identifier">fullpath</span>,
      <span class="ruby-value">:status</span>   =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:moved_permanently</span>
    }

    <span class="ruby-keyword">if</span> <span class="ruby-identifier">host_or_options</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Hash</span>)
      <span class="ruby-identifier">options</span>.<span class="ruby-identifier">merge!</span>(<span class="ruby-identifier">host_or_options</span>)
    <span class="ruby-keyword">elsif</span> <span class="ruby-identifier">host_or_options</span>
      <span class="ruby-identifier">options</span>.<span class="ruby-identifier">merge!</span>(<span class="ruby-value">:host</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">host_or_options</span>)
    <span class="ruby-keyword">end</span>

    <span class="ruby-identifier">secure_url</span> = <span class="ruby-constant">ActionDispatch</span><span class="ruby-operator">::</span><span class="ruby-constant">Http</span><span class="ruby-operator">::</span><span class="ruby-constant">URL</span>.<span class="ruby-identifier">url_for</span>(<span class="ruby-identifier">options</span>.<span class="ruby-identifier">slice</span>(*<span class="ruby-constant">URL_OPTIONS</span>))
    <span class="ruby-identifier">flash</span>.<span class="ruby-identifier">keep</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">respond_to?</span>(<span class="ruby-value">:flash</span>)
    <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">secure_url</span>, <span class="ruby-identifier">options</span>.<span class="ruby-identifier">slice</span>(*<span class="ruby-constant">REDIRECT_OPTIONS</span>)
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                    </div>

    </div>
  </body>
</html>    